A Radically Simpler Approach to Web Content Filtering & Security As the Internet has grown it’s become increasingly complex and dangerous or users to navigate. Each day there are new threats to contend with: Web sites that inect users’ machines with malware, propagat ing botnets, phishing scams, and more. On top othat there’s a growing array oinappropriate and “recreational” uses othe Internet such as adult Web sites, social networking applications like MySpace and Facebook, and bandwidth-intensive video sites like YouTube. So, it’s no surprise that Web content fltering and security have become essential unctions or most enterprises. Tools that provide these unctions help ensure sae Internet use, compliance with Internet-use policies, and a reduction in unproductive Web use and trafc. The challenge or IT organizations is that tr aditional solutions have been high cost and high overhead. They typically require customers to buy hardware appliances that are placed inline in the network path, slowing down the overall network and taxing frewall and other system resources. Another issue is that they can miss a lot o the new non-web tra fc, such as P2P . Fortunately , there are three developments that have made a new, radically simpler approach to Web content fltering and security possible: The emergence ocloud-based services (SaaS — Sotware as a Service), which •require no hardware or sotware to be installed or maintained. The growth ocloud-accessible domain intelligence — inormation about the •quality, integrity and nature oWeb sites. And the fnal piece othe puzzle was to realize that recursive DNS service, typically •provided by an ISP, could be used as an eective fltering and security mechanism — easily evaluating domains and IPs when the DNS query is requested . WHITEPAPER
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Providing Web content fltering across organizations with widespread
locations, such as retail operations, has historically been a challenge. It’s
simply cost prohibitive and overly time consuming to deploy and manage
appliances at each site, particularly when there is no local IT sta. One
solution is or an organization to have all o their trafc routed back through
their VPN, but this entails a signifcant perormance penalty and costs.
Because o these challenges, many retail locations currently go unprotected.
DNS-based web content fltering and security can be a perect solution or
retail. It’s easy, ast, inexpensive, and hundreds o sites can be managed
rom a single console. And policies can be confgured so that they are
consistent with other Web content fltering tools already in use. For example,
many organizations ensure that DNS requests are orced to OpenDNS with
the use o frewall policies and that users are unable to modiy their local
Hosts fle to prevent bypassing the DNS or lookups.
Content fltering or retail locations can help ensure that unsupervised
employees are not distracted by “recreational” applications at the expense o
helping customers or doing productive work.
A RADICALLY SIMPLER APPROACH TO WEB CONTENT FILTERING & SECURITY · PAGE 5 OF 7
Remote Ofces and Sales Ofces
Remote ofces with mobile workers have also been under-served by web
fltering due to the difculty o using traditional tools, but it is a critical area
since many organizations get inected by malware through remote/mobile
workers who access the Internet without passing through corporate fltering
tools. A DNS-based approach allows remote and mobile workers to access
the Internet directly, but still be under centralized policy control. To set up
a remote ofce, a network administrator simply logs in remotely to reconfgure
DNS settings on the local router or individual laptops and then manages
policies or many remote locations rom a single web interace.
“We looked at installing hardware appliances in each o our retail locations, but the orecasted
cost turned out to be way more than we were willing to spend. We chose OpenDNS because
it’s not only ree but allows us to control the fltering or all o our retail locations rom a
single interace.”
— Dale Hobbs, LUSH Cosmetics, 149 store locations in North America
“OpenDNS represents the easiest way to do content fltering at our remote ofce locationsacross the United States. Deploying at all sites took us under an hour and we can manage
all sites through one Web-based account. Purchasing an appliance or each site would have
absolutely been cost-prohibitive.”
— Michael Dragone, Titleserv, remote and branch ofces across the US